LinuxQuestions.org


AlaeddinB 07-01-2007 06:28 AM

create linux user with limited access to one folder only
 
Hello guys,

Actually, I wonder how to do this action, please advise.

I already have a user account with user name "user1", and home directory /opt/user1.

Inside /opt/user1 there's a folder called "test".

I want to create a new user, say "user2", who has limited access only to the "test" folder, so that he can't open anything else, for security purposes.

Again, this "test" folder is under "user1" home directory /opt/user1 .

Please advise.
I'm using RHEL V4 update 4.

Appreciated guys.
Ala'eddin

Simon Bridge 07-01-2007 07:06 AM

Technically, you want user2 to be able to have rw access to /opt/user1/test (and subdirectories?)

The first thing that occurred to me was to use sudoers rules to allow user2 to act as user1 but only in that directory. You'll need to read the pages very carefully.

The second that occurred would be to share that directory via Samba or NFS.

However, this sounds like you are asking about a particular type of solution instead of asking about your problem. What is it you are trying to achieve?

opensourcedevelopmen 07-01-2007 07:06 AM

Hi,
What is the purpose of the same?
If the user knows FTP then use chroot, or in Samba you can restrict the same.
Regards

AlaeddinB 07-01-2007 08:09 AM

Hello guys,

Well, let me explain my issue from the root.

I have a RHEL system, with installed applications, and the username and password are given to limited users to access, because it's a critical system.

The user account home directory is under /opt/user1.

And there's a folder called "generated" with path /opt/user1/generated.

And for some request, this folder "generated" has data to use, and I don't want to give them the account username/password to access this folder's data, for security issues, you know.

So I thought I could create a new user for them, to access this folder and nothing else :) .

Appreciate it guys.

gkiagia 07-01-2007 09:08 AM

Create a second user (let's say user2).
Put user2 into the same group as user1.
Restrict group access from /opt/user1/generated and whatever else you want to restrict.
Set group rwx permissions to /opt/user1/test. (with the gid bit too, i.e. "chmod 2775 /opt/user1/test")
Voila!
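
An audit of the layout suggested in the post above, as an added example that is not part of the original thread: it checks that the group can traverse but not list the home directory, that the shared folder has group rwx plus the setgid bit, and that nothing else in the home directory is open to group or other. GNU `stat` is assumed, and every path is constructed under a temporary directory.

```bash
#!/usr/bin/env bash
# Added example: audit the layout from the post above (GNU stat assumed).
# All paths below are constructed under a temporary directory.

mode_of()    { stat -c '%a' "$1"; }                        # octal mode, e.g. 2775
group_bits() { echo $(( (8#$(mode_of "$1") >> 3) & 7 )); } # rwx digit for group
has_setgid() { (( (8#$(mode_of "$1") & 02000) != 0 )); }

# audit_share HOME SHARE -> prints findings; returns 0 if clean, 1 otherwise
audit_share() {
    local home=$1 share=$2 bad=0 g entry
    g=$(group_bits "$home")
    # Group needs search (x) on HOME to reach SHARE; read (r) would let it list HOME.
    if (( (g & 1) == 0 )); then echo "FAIL: group cannot traverse $home"; bad=1; fi
    if (( (g & 4) != 0 )); then echo "WARN: group can list $home"; bad=1; fi
    if (( $(group_bits "$share") != 7 )); then echo "FAIL: $share lacks group rwx"; bad=1; fi
    if ! has_setgid "$share"; then echo "FAIL: $share lacks the setgid bit"; bad=1; fi
    # Everything else in HOME (dotfiles included) must be closed to group and other.
    for entry in "$home"/* "$home"/.[!.]*; do
        [ -e "$entry" ] || continue
        [ "$entry" = "$share" ] && continue
        if (( (8#$(mode_of "$entry") & 077) != 0 )); then
            echo "WARN: $entry is reachable by group/other"; bad=1
        fi
    done
    return "$bad"
}

# build_layout HOME_MODE GENERATED_MODE -> creates a constructed tree, prints its root
build_layout() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/user1/test" "$root/user1/generated"
    chmod 2775 "$root/user1/test"          # mode given in the post
    chmod "$2" "$root/user1/generated"
    chmod "$1" "$root/user1"
    echo "$root"
}

good=$(build_layout 710 700)
audit_share "$good/user1" "$good/user1/test" && echo "layout OK"
loose=$(build_layout 750 755)
audit_share "$loose/user1" "$loose/user1/test" || echo "layout needs tightening"
rm -rf "$good" "$loose"
```

On the real system the call would be `audit_share /opt/user1 /opt/user1/test`, run as a user who can stat everything in the home directory.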

Weasel75 07-01-2007 02:37 PM

It might seem a *big* club, but "jailkit" is another option when it comes to restricting access to your system.
http://olivier.sessink.nl/jailkit/

Good luck!

PS: In general it seems like a bad idea to grant some(one| stranger) access to a "critical system". A special "dedicated" server is a safer choice there.

dgard 07-02-2007 12:34 AM

Quote:

Originally Posted by gkiagia
Create a second user (let's say user2).
Put user2 into the same group as user1.
Restrict group access from /opt/user1/generated and whatever else you want to restrict.
Set group rwx permissions to /opt/user1/test. (with the gid bit too, i.e. "chmod 2775 /opt/user1/test")
Voila!

That's the way to do it. I would do it slightly differently, though.
- First you create user2, with his own home directory /home/user2. Probably this will also create a new group also called "user2", of which user2 will be the only member.
- Add *user1* to the group "user2" (instead of user2 to user1)
- ensure that /home/user2 has read/execute (r-x) permissions set for the group, and that it's property of the user "user2" and the group "user2".
- make /home/user1/test a link to /home/user2
- voila!

blade_x 07-02-2007 01:04 AM

Quote:

Originally Posted by AlaeddinB
Hello guys,

Well, let me explain my issue from the root.

I have a RHEL system, with installed applications, and the username and password are given to limited users to access, because it's a critical system.

The user account home directory is under /opt/user1.

And there's a folder called "generated" with path /opt/user1/generated.

And for some request, this folder "generated" has data to use, and I don't want to give them the account username/password to access this folder's data, for security issues, you know.

So I thought I could create a new user for them, to access this folder and nothing else :) .

Appreciate it guys.



Hmmmm. I read this article from Van Emery:

http://www.vanemery.com/Linux/ACL/linux-acl.html

Of course he wrote it back then using Fedora Core 2. But his tutorial may be quite useful to you. And if I may quote:

Quote:

What are ACLs and why would you want to use them?

ACLs are Access Control Lists for files and directories. They are based on the IEEE's POSIX 1003.1e draft 17, also known simply as POSIX.1e. ACLs are an addition to the standard Unix file permissions (r,w,x,-) for User, Group, and Other. ACLs give users and administrators flexibility and fine-grained control over who can read, write, and execute files. This can all be done without adding mysterious groups and pestering the system administrator.

I hope this helps you.

saurabh142857 07-02-2007 01:48 AM

Quote:

Originally Posted by AlaeddinB
Hello guys,

Well, let me explain my issue from the root.

I have a RHEL system, with installed applications, and the username and password are given to limited users to access, because it's a critical system.

The user account home directory is under /opt/user1.

And there's a folder called "generated" with path /opt/user1/generated.

And for some request, this folder "generated" has data to use, and I don't want to give them the account username/password to access this folder's data, for security issues, you know.

So I thought I could create a new user for them, to access this folder and nothing else :) .

Appreciate it guys.

Although the chmod solutions are correct, a better way would be to create an NFS share (or SMB or CIFS share) and let the person requesting the share mount it in his file system.

For an NFS share:
1) Add an entry for /opt/user1/generated in the file /etc/exports.
(You can use a GUI like redhat-config-nfs or system-config-nfs to do the same.)
2) The person who wants to use it will mount it with 'nfs' as the type.

Only the folder and nothing else will be available to that user (who need not be on the same machine).
There are ways to restrict the hosts and users; the man pages will give you the details. The procedures for SMB and CIFS are similar, the advantage being that clients (and/or servers) can be on Windows machines as well. Also, you can make the share read-only or read-write as per your requirements.


Regards,
Sourabh
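
A review of the /etc/exports entry described in the post above, as an added example that is not part of the original thread: it flags any other exported path, clients given as a wildcard or left empty, read-write access, and `no_root_squash`. The sample lines and the host name `client1.example.com` are constructed; the option names are standard exports(5) options.

```bash
#!/usr/bin/env bash
# Added example: review /etc/exports-style lines for the share discussed above.
# The sample file content and host names are constructed.

# lint_exports FILE SHARE -> prints findings; returns 0 only if SHARE is the
# sole export and every client is a named host with read-only, root-squashed access.
lint_exports() {
    local file=$1 share=$2 bad=0 found=0 fields c host opts
    while read -r -a fields; do
        [ "${#fields[@]}" -gt 0 ] || continue             # blank line
        case ${fields[0]} in '#'*) continue ;; esac        # comment line
        if [ "${fields[0]}" != "$share" ]; then
            echo "WARN: ${fields[0]} is exported as well"; bad=1; continue
        fi
        found=1
        if [ "${#fields[@]}" -eq 1 ]; then
            echo "WARN: $share lists no client hosts"; bad=1
        fi
        for c in "${fields[@]:1}"; do
            host=${c%%\(*}                                 # text before "("
            opts=""
            case $c in *"("*")") opts=${c#*\(}; opts=${opts%\)} ;; esac
            case $host in ''|*'*'*) echo "WARN: '$c' is a wildcard or every host"; bad=1 ;; esac
            case ",$opts," in *,rw,*) echo "WARN: $c is read-write"; bad=1 ;; esac
            case ",$opts," in *,no_root_squash,*) echo "WARN: $c keeps remote root as root"; bad=1 ;; esac
        done
    done < "$file"
    [ "$found" -eq 1 ] || { echo "FAIL: $share is not exported"; bad=1; }
    return "$bad"
}

sample=$(mktemp)   # constructed sample, not a real server's configuration
cat > "$sample" <<'EOF'
# weak: every host, read-write, root not squashed
/opt/user1/generated *(rw,no_root_squash)
EOF
lint_exports "$sample" /opt/user1/generated || echo "weak export flagged"
echo '/opt/user1/generated client1.example.com(ro,root_squash,sync)' > "$sample"
lint_exports "$sample" /opt/user1/generated && echo "restricted export OK"
rm -f "$sample"
```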

Saltanis 07-02-2007 04:40 PM

Quote:

Originally Posted by AlaeddinB
Hello guys,

Actually, I wonder how to do this action, please advise.

I already have a user account with user name "user1", and home directory /opt/user1.

Inside /opt/user1 there's a folder called "test".

I want to create a new user, say "user2", who has limited access only to the "test" folder, so that he can't open anything else, for security purposes.

Again, this "test" folder is under "user1" home directory /opt/user1 .

Please advise.
I'm using RHEL V4 update 4.

Appreciated guys.
Ala'eddin


Shouldn't the file just be mirrored to a folder that users "can" access? Just any other place on the network completely, rather than giving someone ANY access to a critical system that does not implicitly need it.

.02 cents
D.


All times are GMT -5.